Some of my observations have compelled me to make this post. The bottom line is that the American media is failing us on COVID-19 coverage because it can’t get past partisanship.

The right-wing media is trying to tell you that it’s all been blown out of proportion and there is nothing to worry about. The left-wing media is fixated on how severely Trump has failed/is failing at his handling of this pandemic. Neither is helpful.

The solution is to arm yourself with as much information as you can and form your own opinions.

I created a bookmark folder called COVID-19 and stuck these links in it. Now I just right-click -> open all in new tabs and read all of the sources.

Looking back at last Friday. It seems so long ago but it was really only three days ago. I was out taking a certification exam and dined at a local restaurant for lunch. Things were quiet, but not overly so. I kind of saw things coming, so I stopped off at Fortress Comics and purchased a few board games.

Things had just started getting out at that point. The first infections in Michigan were reported. And one, only miles away, in East Lansing. A woman who caught it on a cruise ship, according to the news.

The cruise ships were insane! The World Health Organization released data on how many infections and fatalities by country and listed the cruise ships as well. Among the countries.

I get the feeling that the people in the federal government with smarts are trying to walk a tightrope of keeping people safe vs. not infringing on each state’s right to govern itself. As such, at this stage, the federal government is only making mandates if they are absolutely necessary. It’s not worth the noise the states will make otherwise.

So, as of this morning in Michigan, they had limited gatherings to more than 50 people.

This is going to be the strangest question that was ever used to start an article: Have you ever blown your nose after having worked in the shop all day? It’s gross, isn’t it? All that sawdust floating around airborne! That tissue just contains the stuff that your nose was able to filter. The rest is in your lungs. Gross, eh? Also not super healthy.

So, wait! What’s this about an exoskeleton?!

I used 1×2’s to wrap my box in all the right places so it accepts a furnace filter. It sucks in dirty, sawdust-filled air, and shoots it out into a furnace filter. Cleaning the air, and maybe even saving my lungs.

I had been listening to my co-workers talk about Bitcoin and other cryptocurrencies for a while. Being that it’s the preferred payment method of the underground (i.e. darkweb, ransomware and so on) — and it’s my job as incident response manager to understand that sort of thing — I decided to give it a try.

In early December of 2017, I invested a modest amount of money in Litecoin and Ethereum. This was about the time Bitcoin was on its meteoric rise from $17k to $20k per coin. I knew I could buy a tiny fraction and still join the Bitcoin bandwagon, but something in me told me it was bound to crash at any time.

I joined Coinbase and bought some Ethereum (at $1,519) and Litecoin (at $101). I used this experience to watch and learn. As I continued to watch and learn, a few weeks passed and I learned of Ripple. It was trading at $2.69 and had the third-largest market cap of the cryptocurrencies, only being surpassed by Bitcoin and Ethereum.

Having just watched all of my other investments surge to insane levels, I decided that I NEEDED Ripple. If I didn’t get in on it that weekend, it would surge to thousands per coin, like Ethereum, and I would be kicking myself.

It would seem everyone else was thinking the same thing because all of the currency exchanges that traded in Ripple were either down (due to load), backlogged weeks for account verification (due to load), or required you to hook up to your bank account.

Finally, I found qryptos. I couldn’t use my credit card to purchase Ripple, but I could trade Bitcoin for Ripple. The answer was so clear. I buy Bitcoin from Coinbase, transfer it to my qryptos wallet, and then exchange the Bitcoin for Ripple. Brilliant! Or not.

Buying my first chunks of Bitcoin on Coinbase was my first wake-up call. $18.00 service fee for the purchase of $200 worth of Bitcoin. Ouch. I transfer it from my Coinbase wallet to my qryptos wallet… $18.00 transaction fee. Ouch.

It’s really incredible to revisit this blog and see how much has happened since my last post in 2014. We have had IoT and SCADA pop out as a gigantic attack surface. Things that once seemed like movie plot threats are now commonplace. We have had the data of essentially every American ever leaked in breaches of Yahoo, OPM, Equifax and tons more. The advent of cryptocurrency is making it easier than ever for entire underground markets to live and die.

What’s more amazing (or worrying) is the introduction of real-life cyberwarfare and political manipulation through hacking. Everything we depend on lives on the internet in one way or another. It only makes sense that targets once thought to be off-limits are now fair game.

It’s safe to say that the stakes have never been higher. Fortunately, it’s finally getting the media and political attention it deserves. It took a lot of painful “toldja so” moments to get here, but we made it. Now, as infosec professionals, we need to know how to capitalize on this attention and make the most of it. Our industry has bred some great thinkers and communicators who know how to communicate the appropriate messages to the proper audiences. We just need to hope these audiences are listening.

My web server has been under attack since early this month. This is a dedicated server that I have leased for years. It only hosts a couple of sites for me, my family and a few select friends. Nothing of any real importance or sensitivity exists on it. Why this insignificant little server attracted the attention of someone who has access to a 20,000+ node, worldwide botnet is beyond me.

It started when I noticed that sites weren’t loading. I shelled into the box and found the load hovering around 30+. ps and top showed that apache was the culprit. I combed through some logs and found that my wife’s site, messymissy.net, was being hammered. Hundreds of POST requests per second to her index page. I tcpdumped some of it and found that it was garbage or encrypted payloads destined for gryphn.com. She has owned gryphn.com for almost 10 years and has it parked on top of messymissy.net.

We unparked the domain and removed the DNS zone file and apache started working again.

A couple of hours later we noticed that nothing on our server was resolving. I shelled back in and found that DNS was now being hammered with queries to cached zone files for gryphn.com (which didn’t exist). This log excerpt represents a tenth of a second worth of traffic.

I logged into my DNS provider and enabled the use of their DNS servers. We awaited propagation of the new authoritative name servers and load returned to normal.

Immediately following that we started receiving distributed brute force login attacks to multiple email accounts (that don’t exist) associated with multiple domains that we host. I configured my firewall scripts to monitor for this sort of thing and block them. As the firewall block list grew, the number of invalid login attempt notifications shrank. Eventually a large part of the botnet was being blocked by my firewall.

I guess they still had some nodes that weren’t blocked yet (and some fight left in them), because the most recent activity involves distributed brute force login attempts against WordPress sites. I added a mod_security signature to catch it and modified my firewall scripts to block IPs that trigger the rule too many times.

It’s a really fun cat and mouse game of changing attack methods on a massive scale (world-wide botnet of 20,000+ zombies). I’m working on scripts that will mine my logs for multiple block events and send automated x-ARF notifications to abuse@contacts for the zombies.

I have no idea what it is they are after, but I’m having fun playing.

If you are responsible, use the contact form on my site to send me an idea of what it is you want. I won’t give it to you, but the suspense is killing me. 🙂
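
The per-IP threshold blocking described in this post, sketched as an added example (not the author's firewall scripts): it counts failed WordPress login POSTs per source IP in a sliding window and returns the offenders with first/last timestamps, the raw material for a block list or an abuse report. The log lines are constructed, and the threshold, the window and the assumption that a failed login answers with HTTP 200 are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Apache combined-log lines; IPs come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2013:10:10:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_offenders(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: {first, last, count}} for IPs with >= threshold failed
    login POSTs inside any sliding window of the given length."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    seen = {}                    # ip -> [first, last, total failed POSTs]
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # skip anything that is not a combined-log line
        ip, ts, method, path, status = m.groups()
        # Assumption: a failed login re-renders the form (200), success redirects (302).
        if method != "POST" or path.split("?")[0] != "/wp-login.php" or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()          # drop attempts that have aged out of the window
        rec = seen.setdefault(ip, [when, when, 0])
        rec[1], rec[2] = when, rec[2] + 1
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: dict(zip(("first", "last", "count"), seen[ip])) for ip in sorted(flagged)}

if __name__ == "__main__":
    for ip, info in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(ip, info["count"], info["first"].isoformat(), info["last"].isoformat())
```

With the defaults, 203.0.113.9 (one attempt every five minutes) stays under the threshold, which is the weakness of per-IP counting against a large distributed botnet: each node can stay slow, so the window and threshold need tuning against real traffic.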

I have been working on ‘the perfect stout’ for a long time. In fact one of the first batches I ever brewed was a stout.

A while back I created “The Stout Experiment” in an effort to try multiple additions in a single batch. Oddly enough the control (without any additions) ended up being the best.

I have since done three other batches (including this one) that have tweaked the recipe slightly each time, based on my tasting notes.

Appearance: Dark, no light gets through. Tan (khaki) head with tight bubbles. Alcohol clings to the side of the glass with lacing from the head.

Mouthfeel: Silky smooth, but not thick or heavy. The rolled oats contributed to this.

Flavor: Sweet caramel at first gives way to burnt coffee, dark chocolate and a hint of grapefruit from the Cascade hops.

Aroma: Caramel and noble hops.

All in all it’s the best stout I have ever had but I can identify at least two or three places that show room for improvement.

Next batch I think I will add more roasted barley to turn up that burnt coffee flavor a little and possibly change the aroma hop.

I’m going to brew a big, warming beer for my next batch. Something that will toast your innards with alcohol burn and warm you up.

I am thinking either a Scottish wee heavy or Russian imperial stout.

The only problem is that these types of beers require extensive aging. A RIS would be barely drinkable by Christmas.

I saw on a brewing tv episode that a mead maker used a staggered yeast addition to give his mead a cellared flavor right from the carboy.

Has anyone tried this with beer? I would rather not experiment on a huge expensive beer like a RIS, but will if I don’t hear from anyone… for science!

At the same time I wanted my next batch to be the one where I tried the “Brew in a Bag” method. Doing the full mash in my boil kettle is appealing. To raise the temperature I just add or adjust flame. After the mash I just lift the bag out, rinse/sparge and start my boil. Plus it will be less cleanup without having to rinse my mash tun.

The problem with my next batch being a big beer and my first BIAB batch is the risk of overflowing my kettle. 15-20 lbs of grain, 7 gallons for the boil plus however much I need to figure in for absorption during the mash… then re-adding for sparge. None of my software will do the math for brew in a bag so this is all going to have to be done manually… yup… on my fingers.

I used “Superior” brand Australian Lager yeast for the first time on a black lager. I was able to find very little information on it online so I pretty much threw caution to the wind and used it.

I pitched at about 70 degrees and stuck it in my lager area at about 50 degrees. After a week of not checking on it I took a gravity reading and it was still at its original gravity. No fermentation had happened at all.

I transferred it off its yeast cake into a 5gal carboy and stuck it in my ale closet to warm up so I could pitch another yeast.

After one day at 70 (even after transferring it off its yeast cake) it went crazy! Lava lamp style active fermentation. Apparently this is a lager yeast that has to ferment at ale temps? After about 10 days the gravity was at its expected terminal gravity reading. I transferred it again and stuck it in the lager closet at 50. I will let you guys know how it turns out.

Wow, has it been a long time! I was maintaining radio silence during my security clearance background investigation. Now that it’s all over, expect me to post more (honest).

For those of you not close to me, I was hired by the DoD (Department of Defense). What does this mean? Well you will never again hear the words “today at work…” uttered again. That does not mean I will be lacking topics to post about.

My security research at home is picking up again. Expect posts on the topics of forensics, anti-forensics, malware and possibly a new pentest tool or two.

It’s nice to be back and for those of you reading this, thank you for sticking it out and visiting again.